[Git][security-tracker-team/security-tracker][master] Mark some bluez issues as no-dsa

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 17 08:11:46 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
608ef978 by Salvatore Bonaccorso at 2021-12-17T09:11:29+01:00
Mark some bluez issues as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5874,6 +5874,8 @@ CVE-2021-3929 [nvme: DMA reentrancy issue leads to use-after-free]
 	NOTE: Proposed patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
 CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...)
 	- bluez <unfixed> (bug #998626)
+	[bullseye] - bluez <no-dsa> (Minor issue; can be fixed in point release)
+	[buster] - bluez <no-dsa> (Minor issue; can be fixed in point release)
 	[stretch] - bluez <ignored> (invasive patch, requires post-stretch revamps)
 	NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=93b64d9ca8a2bb663e37904d4b2c702c58a36e4f (5.40)
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 (5.62)
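Review bot: the added [bullseye] and [buster] lines give "Minor issue" as the reason for a use-after-free in gatt-database.c, but nothing in the entry records why the impact is considered minor. A short NOTE with the reasoning (what limits reachability or impact) would let a later triager re-check the no-dsa decision. The [stretch] line already calls the patch invasive, which also bears on how feasible the point-release backport is for buster and bullseye.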
@@ -180469,11 +180471,13 @@ CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the cds
 CVE-2019-8922 (A heap-based buffer overflow was discovered in bluetoothd in BlueZ thr ...)
 	{DLA-2827-1}
 	- bluez 5.54-1
+	[buster] - bluez <no-dsa> (Minor issue)
 	NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
 	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6c7243fb6ab90b7b855cead98c66394fedea135f (5.51)
 CVE-2019-8921 (An issue was discovered in bluetoothd in BlueZ through 5.48. The vulne ...)
 	{DLA-2827-1}
 	- bluez 5.54-1
+	[buster] - bluez <no-dsa> (Minor issue)
 	NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
 	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7bf67b32709d828fafa26256b4c78331760c6e93 (5.51)
 CVE-2019-8920 (iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. ...)
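Review bot: the [buster] lines added under CVE-2019-8922 and CVE-2019-8921 say only "Minor issue", while the lines added for CVE-2021-43400 in the same commit say "Minor issue; can be fixed in point release". Both entries carry {DLA-2827-1} and upstream fix commits noted as 5.51, so if a buster point-release update is intended here too, use the same wording. If not, a brief reason why a heap-based buffer overflow in bluetoothd (CVE-2019-8922) is treated as minor for buster would make the triage easier to audit.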



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/608ef97858258cc4a1eaa7425aaf00fdf3420866
